The increase in cyber-attacks during the Coronavirus pandemic has highlighted the gaps in traditional cybersecurity programs. With the large-scale shift to teleworking, companies have been forced to take their operations online. And this has proved to be a breeding ground for threat actors. From the increase in ransomware attacks and phishing campaigns to bitcoin scams and data leaks, we have witnessed increasingly sophisticated threats across the internet.
There is no denying that cyber threats have far-reaching real-world impact. From stock price to reputation, organizations cannot escape the consequences of a cyber-attack. For example: Twitter’s shares went down by 3% following the recent hack that targeted several profile twitter accounts.
The annual Cost of Data Breach report by the Ponemon Institute has been quantifying this impact for the last 15 years. The Cost of a Data Breach Report 2020 (published by IBM) has found a 1.5% decrease in the average cost from $3.92 million in 2019 to $3.86 million in 2020. However, for organizations that have mandated remote work, the average cost of a data breach is $137,000 more, making the global annual cost almost $4 million.
In this article we explore ways to incorporate the findings from this report to strengthen an organization’s cyber security posture.
Key takeaways from the report’s findings:
Identify stolen or leaked credentials
Stolen credentials, which are the costliest and most frequent threat vectors, are the root cause for 19% of malicious breaches. Despite this, organizations are slow to identify and neutralize leaked credentials. The longer the credentials are exposed the higher the chance that threat actors will exploit them to orchestrate large-scale intrusive attacks.
Which is why it is important to incorporate processes and tools that ensure data leaks related to your organization are monitored continuously. This includes real-time monitoring of the surface web, deep web, and dark web using a comprehensive threat monitoring tool such as CloudSEK’s XVigil.
Monitor for cloud misconfigurations
Cloud misconfigurations are exploited in 19% of malicious breaches. And the cost of these breaches, at $4.41 million, is 14% higher than the average. While the move to cloud-based services and databases are convenient, they come with a unique set of security requirements.
The bedrock of cloud security is a combination of Identify Access Management (IAM), permission controls, and continuous misconfiguration monitoring. XVigil’s Infrastructure Monitor offers solutions to scan for misconfigured cloud storage, web applications, and ports. This allows you to identify and mitigate the risks before they can be exploited by threat actors.
Leverage Artificial Intelligence (AI) to identify and mitigate threats
Automation separates the winners from the losers. The cost of breaches for organizations that have not leveraged end-to-end AI based security solutions was $6.03 million, which is more than double the cost of breaches seen by organizations that have deployed automated security solutions. With a difference of $3.58 million between companies that have deployed automated solutions and those that have not, automation is no longer a bonus, but the very core of effective cybersecurity.
Secure your customers’ PII
80% of data breaches include customers’ Personally Identifiable Information (PII). And each lost or stolen record costs an organization an average of $175, which is 17% higher than the average cost of a stolen record. Since customer PII is the most coveted type of data, it is important to ensure that it is anonymized and backed-up regularly. And as a rule of thumb, enforce strong password policies, encryption standards, and multi-factor authentication.
The healthcare industry needs to up its cybersecurity quotient
It takes the healthcare industry 329 days to identify and contain a breach, which is 49 days more than the average 280 days, and a whopping 96 days more than the financial sector. The faster a breach is identified, the lower the cost incurred. So, it doesn’t come as a surprise that the healthcare sector, for the 10th year in a row, clocked the highest average cost of a breach at $7.13 million, which is a 10.5% increase from 2019.
Timely identification only comes with continuous real time monitoring of internal and external threats. And this cannot be done manually, which is why automation and AI-driven security tools need to be deployed across organizations.
Proactively mitigate remote work related data breaches
With more organizations adopting remote work, there has been a surge in cyber-attacks, globally. Relaxed security controls to support remote work, unsecured home Wi-Fi networks, dependence on conferencing platforms, and the deluge of COVID-related scams have made it easier for threat actors to target organizations.
It is incumbent on organizations to reassess their cybersecurity programs to account for new threat vectors. So much so that 76% of respondents believe that despite their current cybersecurity measures, remote work will increase the time it takes to detect and contain a breach. But by deploying solutions that can address the WFH-related threat vectors, organizations can gain a significant advantage over threat actors.
Given that a data breach can have severe short-term and long-term impacts on an organization, taking preventive measures is a must. And with more and more companies adopting teleworking, the need for continuous monitoring of the internet, for threats related to your organization, is at an all time high.
Here’s where XVigil can help you strengthen your security posture. XVigil’s AI-driven engine scours the internet for threats and data leaks related to your organization, prioritizes it by severity, and provides real time alerts. Thus, giving you enough time to mitigate the threats before it can have adverse impacts on your business.